Hello all,
This is my problem: I currently have a building location where my work offers wifi. I have built an app for them that connects to our SQL database. My work wants the app at that location where wifi is offered to the public.
Currently there is free wifi offered to the public at this location, so the modem has a Netgear wifi router attached to it. First question: (1) Where would I attach the VPN router? To the wifi router or modem? (2) Would there be a security risk for my work's database if I set this all up (i.e. had a VPN connection to our database and had free wifi at this location also)?
I was told by the other I.T. guy that this is a possible security risk because anybody hooked up to wifi could access our network? Even though this building location is not networked to our main network.
Thanks in advance. I'm really just looking for another professional opinion.

So I am not clear based on your description, but it sounds like there is a location that you are at that has Wifi. This Wifi network is connected to the Internet. You want to be able to connect back to your work's network. If this is correct, this is my suggestion...

You do not need a VPN router. If you want to connect back to your corporate network, if they offer VPN services, you need the VPN client loaded on your computer. If they do not have VPN services, how do you normally connect back when you are travelling or at a remote location? Connecting back to a work location via VPN over a public network is safe. That is the point of VPN, to secure the connection over an untrusted network.

"Anyone connecting on this wifi could access your network, but it's not connected to your work network???" Of course not... How did this IT person explain that a person could connect back to the work network through a public wifi?

>>How did this IT person explain that a person could connect back to the work network through a public wifi?

I think he meant that he wanted to take a router and connect it downstream from the public wifi router. So that his WAN port is connected to the public router and he offers his own wifi. His router would then create a peer to peer VPN tunnel.

#1 - most consumer routers will not let you connect WAN to a wifi network.
#2 - if somehow you got around #1, if you leave your wifi open, then yes, everyone could connect to the remote network.
#3 - Your IT person should have suggested just using a client on your PC.

This building location that is offering wifi is NOT connected to the work network. However, the VPN connection that I need for the app will be connecting to the work network. The other I.T. guy stupidly told me in one sentence that it's a security vulnerability because anyone connected to the public wifi will be able to hit the work network. I disagreed with him but didn't want to argue about it. Not an arguer, I'm more of a solutions kind of guy. Thanks for the help guys!

If the router that connects public wifi to the internet will ALSO be used to create a VPN tunnel, this is still a safe config if done correctly.

Just separate out the public wifi space from the private space in 2 VLANs isolated from each other. Both route outbound. The VPN tunnel is built to match the interesting traffic to only the private wifi subnet.

To have a dedicated router that can support VPN tunnel would suggest that you have more than one person in this building that needs a secure connection back to the remote office. Generally, these "branch office" tunnels are created so that you can have a small office of employees to have a secure connection back. However, just to summarize what I had suggested before...if you are the only employee at this location, then a VPN router is not feasible. All you need to do is load the VPN client on your computer and connect back to your work's network through their VPN gateway. This will create a secure tunnel over this public network. That is safe. If you do require to create a branch office tunnel, then both networks at this location should be separated by VLANs.
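
The VLAN separation and "interesting traffic" matching described in the replies above, as an added example that is not part of any post in this thread. It is a simplified model of a branch router's forwarding decision; the subnets, the selector lists and the `route`/`audit` names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
PUBLIC_VLAN = ipaddress.ip_network("192.168.10.0/24")   # guest wifi
PRIVATE_VLAN = ipaddress.ip_network("192.168.20.0/24")  # app workstation
WORK_NET = ipaddress.ip_network("10.0.0.0/24")          # main office / database

# Tunnel selectors ("interesting traffic") as (local subnet, remote subnet).
GOOD = [(PRIVATE_VLAN, WORK_NET)]
BAD = [(ipaddress.ip_network("192.168.0.0/16"), WORK_NET)]  # covers both VLANs

def route(src, dst, selectors, isolate_vlans=True):
    """Model the router's decision: tunnel, internet, local, inter-vlan or drop."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Only traffic matching a selector is encrypted toward the work network.
    if any(src in local and dst in remote for local, remote in selectors):
        return "tunnel"
    vlans = (PUBLIC_VLAN, PRIVATE_VLAN)
    src_vlan = next((v for v in vlans if src in v), None)
    dst_vlan = next((v for v in vlans if dst in v), None)
    if src_vlan is None:
        return "drop"                      # unknown source
    if dst_vlan is not None:
        if dst_vlan == src_vlan:
            return "local"
        return "drop" if isolate_vlans else "inter-vlan"
    if dst.is_private:
        return "drop"                      # private ranges never go out in clear
    return "internet"                      # both VLANs route outbound

def audit(selectors, isolate_vlans=True):
    """List configuration findings that would expose the work network to guests."""
    findings = [
        f"selector {local} -> {remote} admits guest wifi clients into the tunnel"
        for local, remote in selectors if local.overlaps(PUBLIC_VLAN)
    ]
    if not isolate_vlans:
        findings.append("guest VLAN can reach the private VLAN directly")
    return findings

if __name__ == "__main__":
    for name, sel in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, route("192.168.10.50", "10.0.0.5", sel), audit(sel))
```

With the tight selector a guest client's packet to the database subnet is dropped; with the over-broad selector the same packet is carried into the tunnel, which is the misconfiguration the other I.T. person's concern would apply to.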

At the location that offers free wifi it's a Netgear G54 wireless router. And at the main office where the database server (WORK NETWORK) is at, the router is a Linksys 10/100 8-port VPN Router. But I think I've been overthinking about this whole situation. I do believe that if I set up a VPN connection to the database network (WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that are on the WORK NETWORK. PLEASE correct me if I am wrong?!

Thanks for all the help guys. But when you say use a VPN client, what specifically are you talking about? I was just talking about using the Windows "Create a VPN connection" wizard. I wouldn't need to get some special VPN client software, would I? I'm open to ALL recommendations. And please be specific in your answers, as it is a little difficult to interpret you guys at times lol. Don't take it personally.